Services which still blocks your account for supposedly “suspicious activity”, even though you have #TwoFactorAuthentication, is like saying “we don't trust our own #2FA system” and/or “we don't trust you, we think you shared your 2FA secret with someone”.
I don't know. If it is the latter, that's user-error and their problem. If we continue solving user-error issues, the end-user will never learn anything.
Is 2FA perfect? Of course not. But it is far less likely for an account to be compromised if 2FA is enabled (without user-error).
So, accounts with 2FA should not be included in the “we temporarily blocked your account because of suspicious activity”. If there was indeed a legitimate unauthorised account access, due to user-error, let the user deal with it and learn from it. Otherwise, what's the use of 2FA?
In the gaming industry, some companies actually do that. If your account has 2FA enabled, they automatically remove your account from IP address checks. This allows the account owner to freely use VPNs without getting banned because of IP jumps. They don't mention it officially, but you can test it. If you disable 2FA and use VPNs, you'll get banned sooner or later (and have to go through a lengthy verification process). If you have 2FA enabled, you're free to use VPNs all you want.
(We're not talking about [gaming] services where they have regional licensing deals. They will indeed ban your account if you use a VPN because it is a restriction due to the regional licensing deals in place.)
I dunno, just #RandomThoughts. It's a hassle to suddenly see you're temporarily blocked even though you have 2FA enabled anyway. (Some services will even disable your 2FA because they assumed you shared your 2FA secret.)
Sure, there are people who keep a copy of their 2FA secret in unsecure ways. That still falls under user-error. 2FA secrets should not be kept, at least that's how it was designed. If a user wants to keep it, then encrypt it and store it somewhere. For example, use #Cryptomator.
Are there others who are annoyed by two-factor authentication or is it just me??
After seven years I finally migrated to a new phone, but almost every app that you urgently need right now asks you to re-confirm who you are on the old phone that you left at home … 🙄 #cybersecurity#twofactorauthentication#nerv#annoying
My #GuildWars2#TwoFactorAuthentication was mysteriously removed. I have to set it up again today. No one has access to it, and I'm the only one with access to the PC I'm using for #GW2.
Be sure to check your account. Something is not right.